[Mpuls-commits] r5814 - base/trunk/mpulsweb/lib
scm-commit at wald.intevation.org
scm-commit at wald.intevation.org
Mon Feb 13 10:39:24 CET 2012
Author: roland
Date: 2012-02-13 10:39:24 +0100 (Mon, 13 Feb 2012)
New Revision: 5814
Modified:
base/trunk/mpulsweb/lib/metaclient.py
Log:
issue2590: adapt the SSL calls to python 2.6 for use in debian squeeze
Modified: base/trunk/mpulsweb/lib/metaclient.py
===================================================================
--- base/trunk/mpulsweb/lib/metaclient.py 2012-02-13 08:15:44 UTC (rev 5813)
+++ base/trunk/mpulsweb/lib/metaclient.py 2012-02-13 09:39:24 UTC (rev 5814)
@@ -5,7 +5,7 @@
import logging
import simplejson
-import OpenSSL.SSL as SSL
+import ssl
from mpulsweb.lib.translation import _
@@ -105,19 +105,6 @@
return sock
-class OpenSSLSocket(httplib.FakeSocket):
-
- """pyOpenSSL specific version of httplib.FakeSocket.
-
- The OpenSSL.SSL.Connection object behaves a little different than
- the ssl objects of Python's standard library for which FakeSocket
- was written, so FakeSocket has to be modified a little.
- """
-
- def sendall(self, stuff, flags=0):
- return self._ssl.sendall(stuff, flags)
-
-
def format_name(name):
"""Format an OpenSSL X509Name object for debugging and logging output."""
return "/".join("%s=%s" % pair for pair in name.get_components())
@@ -155,40 +142,42 @@
If the certificate does not match the hostname, an
SSLHostMismatchException is raised.
"""
- name_components = certificate.get_subject().get_components()
- for key, value in name_components:
- if key == "CN" and value == hostname:
- return
+ subject_components = certificate["subject"]
+ for name_components in subject_components:
+ for (key, value) in name_components:
+ if key == "commonName" and value == hostname:
+ return
raise SSLHostMismatchException("No common name in %r matches %r"
% (name_components, hostname))
def get_ssl_context(cacert_file, client_cert_file, client_key_file):
- """Create and return an SSL context.
- The context can be used with connect_ssl.
+ """Returns a dictionary with the information for ssl.wrap_socket()
"""
- ctx = SSL.Context(SSL.SSLv23_METHOD)
- ctx.set_verify(SSL.VERIFY_PEER, verify_cb)
- if client_cert_file:
- ctx.use_certificate_file(client_cert_file)
- if client_key_file:
- ctx.use_privatekey_file(client_key_file)
- if cacert_file:
- ctx.load_verify_locations(cacert_file)
- return ctx
+ ssl_context = {"ssl_version": ssl.PROTOCOL_SSLv23,
+ "keyfile": client_key_file,
+ "certfile": client_cert_file,
+ "cert_reqs": ssl.CERT_REQUIRED,
+ "ca_certs": cacert_file }
+ return ssl_context
+
def connect_ssl(ssl_context, sock, hostname):
"""Start an SSL connection on the socket sock.
The socket has to be connected already. After a successful SSL
handshake verify_peer_hostname is used to make sure that the
certificate matches the hostname given in the hostname argument.
"""
- ssl = SSL.Connection(ssl_context, sock)
- ssl.set_connect_state()
- ssl.do_handshake()
- verify_peer_hostname(ssl.get_peer_certificate(), hostname)
- return OpenSSLSocket(sock, ssl)
+ ssl_socket = ssl.wrap_socket(sock,
+ keyfile=ssl_context["keyfile"],
+ certfile=ssl_context["certfile"],
+ cert_reqs=ssl_context["cert_reqs"],
+ ssl_version=ssl_context["ssl_version"],
+ ca_certs=ssl_context["ca_certs"])
+ ssl_socket.do_handshake()
+ verify_peer_hostname(ssl_socket.getpeercert(), hostname)
+ return ssl_socket
def open_http_connection(host, port, ssl_context):
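Review bot: In verify_peer_hostname the `raise` still formats `name_components`, which after this change is the inner loop variable, so the message shows only the last RDN of the subject, and if `certificate["subject"]` is empty the name is unbound and a NameError escapes instead of SSLHostMismatchException. Formatting the whole subject fixes both: `% (subject_components, hostname))`. The check also compares only `commonName` by exact string match, so a certificate that carries the host name in a `subjectAltName` DNS entry or uses a wildcard is rejected; that fails closed, but the docstring should say so, or the function should also consult the `subjectAltName` entry of the `getpeercert()` dict where it is provided. In get_ssl_context, `cert_reqs` is now always `ssl.CERT_REQUIRED`, so a missing `cacert_file` presumably makes `ssl.wrap_socket()` fail rather than skip loading CAs as the old `if cacert_file:` branch did, and the one-line docstring could state that the CA file is required. verify_peer_hostname begins above the hunk.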